[Forgot Password]
Login  Register Subscribe

24128

 
 

131573

 
 

110139

 
 

909

 
 

85964

 
 

136

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML view JSON

CVE-2015-3165Date: (C)2015-06-04   (M)2018-06-03


Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before 9.1.16, 9.2.x before 9.2.11, 9.3.x before 9.3.7, and 9.4.x before 9.4.2 allows remote attackers to cause a denial of service (crash) by closing an SSL session at a time when the authentication timeout will expire during the session shutdown sequence.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : CVSS Score : 4.3
Exploit Score: Exploit Score: 8.6
Impact Score: Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: Access Vector: NETWORK
Attack Complexity: Access Complexity: MEDIUM
Privileges Required: Authentication: NONE
User Interaction: Confidentiality: NONE
Scope: Integrity: NONE
Confidentiality: Availability: PARTIAL
Integrity:  
Availability:  
  
Reference:
BID-74787
APPLE-SA-2015-09-16-4
DSA-3269
DSA-3270
GLSA-201507-20
RHSA-2015:1194
RHSA-2015:1195
RHSA-2015:1196
USN-2621-1
http://www.postgresql.org/about/news/1587/
http://www.postgresql.org/docs/9.0/static/release-9-0-20.html
http://www.postgresql.org/docs/9.1/static/release-9-1-16.html
http://www.postgresql.org/docs/9.2/static/release-9-2-11.html
http://www.postgresql.org/docs/9.3/static/release-9-3-7.html
http://www.postgresql.org/docs/9.4/static/release-9-4-2.html
https://support.apple.com/HT205219

CPE    32
cpe:/o:apple:mac_os_x_server:5.0.2
cpe:/o:canonical:ubuntu_linux:14.10
cpe:/a:postgresql:postgresql:9.2.7
cpe:/a:postgresql:postgresql:9.1.7
...
OVAL    13
oval:org.secpod.oval:def:602124
oval:org.secpod.oval:def:702572
oval:org.secpod.oval:def:602111
oval:org.secpod.oval:def:602109
...

© SecPod Technologies